
Getting started with SQLMap

2025-02-23 Update From: SLTechnology News&Howtos shulou


What is SQLMap?

SQLMap is an automated SQL injection tool whose main function is to scan for, discover and exploit SQL injection vulnerabilities in a given URL.

It has many built-in bypass plug-ins and supports databases such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, IBM DB2, etc.

SQLMap uses the following five SQL injection techniques:

Boolean-based blind injection: whether the condition is true or false is judged from the returned page.

Time-based blind injection: when nothing can be judged from the content returned by the page, conditional statements are used to check whether a time delay statement has been executed.

Error-based injection: the page returns error messages, or returns the results of the injected statements directly in the page.

UNION query injection: injection in cases where UNION can be used.

Stacked query injection: injection when multiple statements can be executed at the same time.

The powerful functions of SQLMap include database fingerprint identification, database enumeration, data extraction, access to the target file system, and execution of arbitrary commands when full operating privileges are obtained. SQLMap is very powerful: when other injection tools cannot take advantage of a SQL injection vulnerability, using SQLMap can give unexpected results.

SQLMap installation

SQLMap requires a Python 2 environment; Python 3 is not supported for the time being.

Download SQLMap from the official sqlmap website.

Download Python from the official Python website.

Download the Python 2 version for your system from the official website.

After the download is complete, check whether the Python environment variable was set up successfully.

For how to download and install Python, please refer to the previous blog.

After completing the steps above:

Here, I put Python and SQLMap on disk C; set this according to your actual situation.

Put the downloaded SQLMap folder into the Python2 folder.

Open CMD.

First check whether the Python environment is installed successfully.

Switch the path of cmd to the installation path of Python.

I downloaded it to the root directory of disk C.

cd \

Switch to the root directory of disk C.

python

Check the Python environment. If the Python version appears, the installation succeeded.

cd \python2\sqlmap

Switch to the folder that contains sqlmap.py. Set the specific path according to your actual situation. If you do not know where the sqlmap.py file is, enter the folder and check with dir.

sqlmap.py

Run sqlmap.py. If its information appears, the installation succeeded.

SQLMap usage

First of all, we need to make sure that the sqli-labs environment built last time works.

Make sure that Less 1 in sqli-labs can be accessed successfully.

After clicking in, a black interface displays SQLI DUMB SERIES-1.

Then we copy the URL.

Here, my address is http://127.0.0.1/sqli-labs-master/Less-1/?id=1

After copying it, we enter the sqlmap environment in cmd.

Here you can set the default path of cmd to the path of sqlmap.py.

Create a new shortcut to cmd and, once it is created, change the path in its properties.

Detect whether there is injection on the target web page

After the change is complete, open cmd and the sqlmap information is displayed.

At this point, we use the following sqlmap command to determine whether the target URL has an injection.

sqlmap.py -u http://127.0.0.1/sqli-labs-master/Less-1/?id=1

This detects whether there is an injection in the target URL.

Press Enter and the output is displayed as shown in the figure.

During testing, wherever you are prompted for Y/N, you can simply press Enter.

The first four items circled in the red box are the injection types. Let's compare them with the injection types we talked about at the beginning.

Type: boolean-based blind # Boolean-based blind injection

Type: error-based # error-based injection

Type: time-based blind # time-based blind injection

Type: UNION query # UNION query injection

What you can see in the last red box is the database version, server type, php version and Apache version of the target.
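
Seen from the defender's side, the four technique types reported above leave recognizable traces in the web server's access log. The following is an added example, not part of the original article: the log lines are constructed for the local sqli-labs URL, and the regular expressions and the names `classify` and `scan` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-format lines for the local lab URL (not a real capture).
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jun/2024:10:00:01 +0800] "GET /sqli-labs-master/Less-1/?id=1 HTTP/1.1" 200 721 "-" "Mozilla/5.0"
127.0.0.1 - - [01/Jun/2024:10:00:02 +0800] "GET /sqli-labs-master/Less-1/?id=1%27%20AND%205%3D5--%20- HTTP/1.1" 200 721 "-" "sqlmap/1.x (https://sqlmap.org)"
127.0.0.1 - - [01/Jun/2024:10:00:03 +0800] "GET /sqli-labs-master/Less-1/?id=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 721 "-" "sqlmap/1.x (https://sqlmap.org)"
127.0.0.1 - - [01/Jun/2024:10:00:04 +0800] "GET /sqli-labs-master/Less-1/?id=1%27%20AND%20EXTRACTVALUE(1,CONCAT(0x7e,VERSION()))--%20- HTTP/1.1" 200 690 "-" "curl/8.0"
127.0.0.1 - - [01/Jun/2024:10:00:05 +0800] "GET /sqli-labs-master/Less-1/?id=-1%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL--%20- HTTP/1.1" 200 700 "-" "curl/8.0"
"""

# Captures the request target and the User-Agent field of a combined-format line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "([^"]*)"')

# One illustrative signature per technique type named in the sqlmap output.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "error-based": re.compile(r"\b(?:extractvalue|updatexml)\s*\(|\bfloor\s*\(\s*rand\s*\(", re.I),
    "time-based blind": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "UNION query": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}

def classify(line):
    """Return the sorted indicators found in one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    target, agent = unquote_plus(m.group(1)), m.group(2)  # decode %27, %20, ...
    hits = [name for name, rx in SIGNATURES.items() if rx.search(target)]
    if agent.lower().startswith("sqlmap/"):  # default header of an unmodified run
        hits.append("sqlmap user-agent")
    return sorted(hits)

def scan(log_text):
    """Map each suspicious line number (1-based) to its indicators."""
    report = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        hits = classify(line)
        if hits:
            report[n] = hits
    return report

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, ", ".join(hits))
```

The User-Agent check only flags requests that carry the tool's default header, so the payload signatures are the part that still applies to the last two sample lines.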

Get the specified field contents from the database

Here we use SQLMap to get the id, password and username contents from the security database.

First of all, you need to make sure that the database is running. I'm using phpMyAdmin here.

Here we use the security database that we imported when we built the vulnerability environment.

The command is as follows:

sqlmap.py -u http://127.0.0.1/sqli-labs-master/Less-1/?id=1 -D security -T users -C id,password,username --dump

-D specifies the database, -T specifies the table in that database, -C specifies the required columns, and --dump gets all the information.

Get all users in the database

This command lists all users in the database. When the current user has permission to read the table containing all users, you can use this command to list all administrative users.

sqlmap.py -u http://127.0.0.1/sqli-labs-master/Less-1/?id=1 --users

Get the password of the database

This command lists the passwords of the users in the database. If the current user has permission to read the user passwords, sqlmap lists the users, then lists the hashes and tries to crack them.

sqlmap.py -u http://127.0.0.1/sqli-labs-master/Less-1/?id=1 --passwords

We see that the hash value of the database password is listed here. If it is not cracked here, we can copy the value of this password hash.

Take this value to the cracking website to try to crack it.

Here, let's take the password hash in the picture as a demonstration.

Password hash: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B

Frequently asked questions

Python environment

With regard to the Python environment, if you select the Add Path option in the installation wizard, there is no need to add the Python environment manually later.

If you forget to check this option, you need to add the installation path of Python manually under My Computer - Management - Advanced Settings - Environment Variables.

For more details, please refer to the previous blog.

SQLMap reports an error when running a command

As long as the command is not mistyped, there will be no problem.

Check whether your command is correct, and check that the address of the sqli-labs page is the same as the one you actually entered.

Summary

Please use a vulnerability environment that you built yourself. Do not use this for illegal purposes; it is only for learning.

I am a beginner at SQL injection, so please forgive me if this is not well written.

Finally, for both the vulnerability environment and SQLMap, pay attention to whether the path you entered is correct.
